By Joe Fay

Aviva subsidiary assessing impact on data and customers. Wider group unaffected. 

Financial services giant Aviva’s recently acquired subsidiary Succession Wealth has been hit by a cyberattack, leaving it trying to assess the impact on a customer base which includes sports and entertainment professionals. 

Succession Wealth, which offers “high-quality independent financial advice” is not commenting on the nature of the attack, but it understood that it is restricted to its specific systems and that the wider Aviva Group is not affected. 

While Succession Wealth is still working out how the attack has affected customers and their data, its systems are still in operation, and it continues to service clients. 

The firm confirmed in a statement on February 15 that it “has suffered a cyber attack”. It’s understood it was first alerted to a potential attack on February 8. 

In its statement, Succession Wealth said it quickly launched an investigation and has notified the appropriate authorities. It’s understood the firm has been in touch with clients and employees who may have been affected. 

When Aviva took over the firm in 2022, it had approximately 200 planners “advising on £9.5bn of assets” with 19,000 clients. At the time, Aviva said Succession Wealth would continue to operate as a separate regulated, independent, financial advice firm. 

The firm seeks to provide advice “across generations” and has specialist teams which advise sports and entertainment professionals, high wealth groups that have a particularly heightened requirement for confidentiality and discretion. 

“The security of our clients’ information is our top priority and, as a precaution while the investigation is ongoing, we have quickly introduced additional security measures,” the firm stated. 

“Succession Wealth will ensure that clients will not suffer financial loss if their personal data held by Succession is misused as a result of the attack.” 

Organizations across the globe have been falling prey to rising ransomware attacks since the beginning of the year. A recent attack on ION Markets, attributed to ransomware, has caused disruption to derivatives markets worldwide, while the international operations of the UK’s postal service Royal Mail is only just recovering following a ransomware attack in January. 

While Succession Wealth has not disclosed the nature of the attack, Casey Ellis, CTO and founder of crowdsourced security pioneers Bugcrowd and founder of disclose.io, said the references to additional security measures and customer data suggested it could be down to ransomware, “Though we’re only able to speculate at this point.” 

He added that the fact the firm has offered “assurances to customers and staff” suggests they have a good idea of what’s going on. As part of the Aviva Group, “there will be a lot of bright cybersecurity minds on this right now.” 

The “crisis comms team will also be at full throttle as this is now as much about reputation”, Ellis said, not least because of the personal nature of the data and the high profile of some of its customers.